Self-Driving Cars: New Cybersecurity Challenge

Posted By Denis Shokotko on Jul 26, 2016 | 0 comments

Sometimes there is a feeling that we live in a science fiction novel. Kitchen appliances cook dinner when we return from work. TVs remember viewers’ preferences. Smart cars suggest a way to bypass traffic jams and adjust the temperature in the cabin… Yet people have a place in this high-tech chain. We manage smart devices – give orders and monitor their execution. But it seems that very soon smart devices will be able to do without our participation. And one of the first areas where we will see these changes may be transport. Self-driving cars are already passing the “field” testing.

Cars that drive themselves are a new idea. Google launched the first driverless vehicles in 2009 and since 2014 its self-driving cars are being tested in a real urban environment. Several traffic accidents have been recorded with the participation of the Google self-driving cars. But as it turned out in the course of investigations these are cars driven by people to blame for these accidents, not the driverless cars. This fact proves a fairly high level of driverless car technology achieved by the smart cars’ developers.

Other leading companies are not far behind. Moreover, not only the traditional leaders of the automotive industry but also large IT companies are involved in the creation of fully computer-controlled cars. Along with such companies as Volvo and Daimler, East Asian giants Samsung and Baidu are also working on their own self-driving cars. If to consider the speed of economic and technological development of Asian countries, it is not clear now who will be the first to release a fully efficient self-driving vehicle.

It seems that the first field to use the self-driving vehicles will be cargo transportation. Driverless vehicles will naturally fit into the production chain of dispatch and transfer of goods from the warehouse to the customer. Many links in this chain have already been automated: the release of the goods is managed by the warehouse programs; many companies already have computer-controlled loading machines. If we add self-driving trucks, connected to a certain centralized network, to this system, we will get a fully automated production cycle. Such organization of work can significantly reduce the costs of cargo transportation, as well as simplify the delivery and calculations.

The US transport concern Daimler is working on a practical implementation of these ideas. The company’s fully computer-controlled trucks have recently been allowed by law to drive in the state of Nevada. The Russia’s company KamAZ is also working on the same project. Company’s experts promise to release an efficient version of the self-driving truck by 2020.

However, the benefits from the use of self-driving cars may be nullified by the risks they incur. And it’s not just about traffic safety, as it is only one of the vulnerable points. Another major cause for concerns may be data protection.

When driving a modern car (not driverless yet) we use not only the control computer system of the car but also different radars, onboard computers, media centers, GPS systems, stereo cameras, etc. What is especially dangerous in this situation is that data exchange is carried out via existing platforms and communication channels (Wi-Fi, GSM, and so on). Any of these components can be hacked and compromised.

Today we already have the precedents of successful cyber attacks against data protection systems of the vehicles with elements of computer control. Widely known became an experimental hack of the Jeep Cherokee SUV computer system. It has demonstrated how vulnerable the user data protection is in such complex devices as cars. But it was an ordinary man driven car with the computer being “in charge” of only some features!

Fully computer-controlled cars will certainly require a permanent network connection in order to exchange information on road and traffic conditions and transfer the telemetry and geolocation data to the system. In this case, hacking only one element, i.e. the onboard computer of any vehicle, would jeopardize the security of the entire system.

Although experts predict that self-driving cars will get widespread no earlier than in 2020, we already see an obvious need to pay close attention to the safety of these vehicles.

The good news is that Intel is seriously working on this issue as it has announced the launch of the Automotive Security Review Board (ASRB). And the first document describing the modern methods in the automotive cyber security has already been published. It is planned to inspect and test new cars. Besides, the intelligent transport safety became one of the topics discussed at the 46th World Economic Forum in Davos.

This approach seems to be very thoughtful and far-sighted: it is better to take care of the security of the new technology prior to its entry into mass production and widespread use.